Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 1 | // SPDX-License-Identifier: GPL-2.0+ |
| 2 | /* |
| 3 | * Copyright (C) 2018 Linaro Limited |
| 4 | */ |
| 5 | #include <common.h> |
| 6 | #include <dm.h> |
| 7 | #include <sandboxtee.h> |
| 8 | #include <tee.h> |
| 9 | #include <tee/optee_ta_avb.h> |
| 10 | |
| 11 | /* |
| 12 | * The sandbox tee driver tries to emulate a generic Trusted Exectution |
| 13 | * Environment (TEE) with the Trusted Application (TA) OPTEE_TA_AVB |
| 14 | * available. |
| 15 | */ |
| 16 | |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 17 | static const u32 pstorage_max = 16; |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 18 | /** |
| 19 | * struct ta_entry - TA entries |
| 20 | * @uuid: UUID of an emulated TA |
| 21 | * @open_session Called when a session is openened to the TA |
| 22 | * @invoke_func Called when a function in the TA is to be invoked |
| 23 | * |
| 24 | * This struct is used to register TAs in this sandbox emulation of a TEE. |
| 25 | */ |
| 26 | struct ta_entry { |
| 27 | struct tee_optee_ta_uuid uuid; |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 28 | u32 (*open_session)(struct udevice *dev, uint num_params, |
| 29 | struct tee_param *params); |
| 30 | u32 (*invoke_func)(struct udevice *dev, |
| 31 | u32 func, uint num_params, |
| 32 | struct tee_param *params); |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 33 | }; |
| 34 | |
| 35 | #ifdef CONFIG_OPTEE_TA_AVB |
| 36 | static u32 get_attr(uint n, uint num_params, struct tee_param *params) |
| 37 | { |
| 38 | if (n >= num_params) |
| 39 | return TEE_PARAM_ATTR_TYPE_NONE; |
| 40 | |
| 41 | return params[n].attr; |
| 42 | } |
| 43 | |
| 44 | static u32 check_params(u8 p0, u8 p1, u8 p2, u8 p3, uint num_params, |
| 45 | struct tee_param *params) |
| 46 | { |
| 47 | u8 p[] = { p0, p1, p2, p3}; |
| 48 | uint n; |
| 49 | |
| 50 | for (n = 0; n < ARRAY_SIZE(p); n++) |
| 51 | if (p[n] != get_attr(n, num_params, params)) |
| 52 | goto bad_params; |
| 53 | |
| 54 | for (; n < num_params; n++) |
| 55 | if (get_attr(n, num_params, params)) |
| 56 | goto bad_params; |
| 57 | |
| 58 | return TEE_SUCCESS; |
| 59 | |
| 60 | bad_params: |
| 61 | printf("Bad param attrs\n"); |
| 62 | |
| 63 | return TEE_ERROR_BAD_PARAMETERS; |
| 64 | } |
| 65 | |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 66 | static u32 ta_avb_open_session(struct udevice *dev, uint num_params, |
| 67 | struct tee_param *params) |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 68 | { |
| 69 | /* |
| 70 | * We don't expect additional parameters when opening a session to |
| 71 | * this TA. |
| 72 | */ |
| 73 | return check_params(TEE_PARAM_ATTR_TYPE_NONE, TEE_PARAM_ATTR_TYPE_NONE, |
| 74 | TEE_PARAM_ATTR_TYPE_NONE, TEE_PARAM_ATTR_TYPE_NONE, |
| 75 | num_params, params); |
| 76 | } |
| 77 | |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 78 | static u32 ta_avb_invoke_func(struct udevice *dev, u32 func, uint num_params, |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 79 | struct tee_param *params) |
| 80 | { |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 81 | struct sandbox_tee_state *state = dev_get_priv(dev); |
| 82 | ENTRY e, *ep; |
| 83 | char *name; |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 84 | u32 res; |
| 85 | uint slot; |
| 86 | u64 val; |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 87 | char *value; |
| 88 | u32 value_sz; |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 89 | |
| 90 | switch (func) { |
| 91 | case TA_AVB_CMD_READ_ROLLBACK_INDEX: |
| 92 | res = check_params(TEE_PARAM_ATTR_TYPE_VALUE_INPUT, |
| 93 | TEE_PARAM_ATTR_TYPE_VALUE_OUTPUT, |
| 94 | TEE_PARAM_ATTR_TYPE_NONE, |
| 95 | TEE_PARAM_ATTR_TYPE_NONE, |
| 96 | num_params, params); |
| 97 | if (res) |
| 98 | return res; |
| 99 | |
| 100 | slot = params[0].u.value.a; |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 101 | if (slot >= ARRAY_SIZE(state->ta_avb_rollback_indexes)) { |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 102 | printf("Rollback index slot out of bounds %u\n", slot); |
| 103 | return TEE_ERROR_BAD_PARAMETERS; |
| 104 | } |
| 105 | |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 106 | val = state->ta_avb_rollback_indexes[slot]; |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 107 | params[1].u.value.a = val >> 32; |
| 108 | params[1].u.value.b = val; |
| 109 | return TEE_SUCCESS; |
| 110 | |
| 111 | case TA_AVB_CMD_WRITE_ROLLBACK_INDEX: |
| 112 | res = check_params(TEE_PARAM_ATTR_TYPE_VALUE_INPUT, |
| 113 | TEE_PARAM_ATTR_TYPE_VALUE_INPUT, |
| 114 | TEE_PARAM_ATTR_TYPE_NONE, |
| 115 | TEE_PARAM_ATTR_TYPE_NONE, |
| 116 | num_params, params); |
| 117 | if (res) |
| 118 | return res; |
| 119 | |
| 120 | slot = params[0].u.value.a; |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 121 | if (slot >= ARRAY_SIZE(state->ta_avb_rollback_indexes)) { |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 122 | printf("Rollback index slot out of bounds %u\n", slot); |
| 123 | return TEE_ERROR_BAD_PARAMETERS; |
| 124 | } |
| 125 | |
| 126 | val = (u64)params[1].u.value.a << 32 | params[1].u.value.b; |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 127 | if (val < state->ta_avb_rollback_indexes[slot]) |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 128 | return TEE_ERROR_SECURITY; |
| 129 | |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 130 | state->ta_avb_rollback_indexes[slot] = val; |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 131 | return TEE_SUCCESS; |
| 132 | |
| 133 | case TA_AVB_CMD_READ_LOCK_STATE: |
| 134 | res = check_params(TEE_PARAM_ATTR_TYPE_VALUE_OUTPUT, |
| 135 | TEE_PARAM_ATTR_TYPE_NONE, |
| 136 | TEE_PARAM_ATTR_TYPE_NONE, |
| 137 | TEE_PARAM_ATTR_TYPE_NONE, |
| 138 | num_params, params); |
| 139 | if (res) |
| 140 | return res; |
| 141 | |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 142 | params[0].u.value.a = state->ta_avb_lock_state; |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 143 | return TEE_SUCCESS; |
| 144 | |
| 145 | case TA_AVB_CMD_WRITE_LOCK_STATE: |
| 146 | res = check_params(TEE_PARAM_ATTR_TYPE_VALUE_INPUT, |
| 147 | TEE_PARAM_ATTR_TYPE_NONE, |
| 148 | TEE_PARAM_ATTR_TYPE_NONE, |
| 149 | TEE_PARAM_ATTR_TYPE_NONE, |
| 150 | num_params, params); |
| 151 | if (res) |
| 152 | return res; |
| 153 | |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 154 | if (state->ta_avb_lock_state != params[0].u.value.a) { |
| 155 | state->ta_avb_lock_state = params[0].u.value.a; |
| 156 | memset(state->ta_avb_rollback_indexes, 0, |
| 157 | sizeof(state->ta_avb_rollback_indexes)); |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 158 | } |
| 159 | |
| 160 | return TEE_SUCCESS; |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 161 | case TA_AVB_CMD_READ_PERSIST_VALUE: |
| 162 | res = check_params(TEE_PARAM_ATTR_TYPE_MEMREF_INPUT, |
| 163 | TEE_PARAM_ATTR_TYPE_MEMREF_INOUT, |
| 164 | TEE_PARAM_ATTR_TYPE_NONE, |
| 165 | TEE_PARAM_ATTR_TYPE_NONE, |
| 166 | num_params, params); |
| 167 | if (res) |
| 168 | return res; |
| 169 | |
| 170 | name = params[0].u.memref.shm->addr; |
| 171 | |
| 172 | value = params[1].u.memref.shm->addr; |
| 173 | value_sz = params[1].u.memref.size; |
| 174 | |
| 175 | e.key = name; |
| 176 | e.data = NULL; |
| 177 | hsearch_r(e, FIND, &ep, &state->pstorage_htab, 0); |
| 178 | if (!ep) |
| 179 | return TEE_ERROR_ITEM_NOT_FOUND; |
| 180 | |
Igor Opaniuk | 34501d6 | 2019-05-06 12:07:31 +0300 | [diff] [blame] | 181 | value_sz = strlen(ep->data) + 1; |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 182 | memcpy(value, ep->data, value_sz); |
| 183 | |
| 184 | return TEE_SUCCESS; |
| 185 | case TA_AVB_CMD_WRITE_PERSIST_VALUE: |
| 186 | res = check_params(TEE_PARAM_ATTR_TYPE_MEMREF_INPUT, |
| 187 | TEE_PARAM_ATTR_TYPE_MEMREF_INPUT, |
| 188 | TEE_PARAM_ATTR_TYPE_NONE, |
| 189 | TEE_PARAM_ATTR_TYPE_NONE, |
| 190 | num_params, params); |
| 191 | if (res) |
| 192 | return res; |
| 193 | |
| 194 | name = params[0].u.memref.shm->addr; |
| 195 | |
| 196 | value = params[1].u.memref.shm->addr; |
| 197 | value_sz = params[1].u.memref.size; |
| 198 | |
| 199 | e.key = name; |
| 200 | e.data = NULL; |
| 201 | hsearch_r(e, FIND, &ep, &state->pstorage_htab, 0); |
| 202 | if (ep) |
| 203 | hdelete_r(e.key, &state->pstorage_htab, 0); |
| 204 | |
| 205 | e.key = name; |
| 206 | e.data = value; |
| 207 | hsearch_r(e, ENTER, &ep, &state->pstorage_htab, 0); |
| 208 | if (!ep) |
| 209 | return TEE_ERROR_OUT_OF_MEMORY; |
| 210 | |
| 211 | return TEE_SUCCESS; |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 212 | |
| 213 | default: |
| 214 | return TEE_ERROR_NOT_SUPPORTED; |
| 215 | } |
| 216 | } |
| 217 | #endif /*OPTEE_TA_AVB*/ |
| 218 | |
| 219 | static const struct ta_entry ta_entries[] = { |
| 220 | #ifdef CONFIG_OPTEE_TA_AVB |
| 221 | { .uuid = TA_AVB_UUID, |
| 222 | .open_session = ta_avb_open_session, |
| 223 | .invoke_func = ta_avb_invoke_func, |
| 224 | }, |
| 225 | #endif |
| 226 | }; |
| 227 | |
| 228 | static void sandbox_tee_get_version(struct udevice *dev, |
| 229 | struct tee_version_data *vers) |
| 230 | { |
| 231 | struct tee_version_data v = { |
| 232 | .gen_caps = TEE_GEN_CAP_GP | TEE_GEN_CAP_REG_MEM, |
| 233 | }; |
| 234 | |
| 235 | *vers = v; |
| 236 | } |
| 237 | |
| 238 | static int sandbox_tee_close_session(struct udevice *dev, u32 session) |
| 239 | { |
| 240 | struct sandbox_tee_state *state = dev_get_priv(dev); |
| 241 | |
| 242 | if (!state->ta || state->session != session) |
| 243 | return -EINVAL; |
| 244 | |
| 245 | state->session = 0; |
| 246 | state->ta = NULL; |
| 247 | |
| 248 | return 0; |
| 249 | } |
| 250 | |
| 251 | static const struct ta_entry *find_ta_entry(u8 uuid[TEE_UUID_LEN]) |
| 252 | { |
| 253 | struct tee_optee_ta_uuid u; |
| 254 | uint n; |
| 255 | |
| 256 | tee_optee_ta_uuid_from_octets(&u, uuid); |
| 257 | |
| 258 | for (n = 0; n < ARRAY_SIZE(ta_entries); n++) |
| 259 | if (!memcmp(&u, &ta_entries[n].uuid, sizeof(u))) |
| 260 | return ta_entries + n; |
| 261 | |
| 262 | return NULL; |
| 263 | } |
| 264 | |
| 265 | static int sandbox_tee_open_session(struct udevice *dev, |
| 266 | struct tee_open_session_arg *arg, |
| 267 | uint num_params, struct tee_param *params) |
| 268 | { |
| 269 | struct sandbox_tee_state *state = dev_get_priv(dev); |
| 270 | const struct ta_entry *ta; |
| 271 | |
| 272 | if (state->ta) { |
| 273 | printf("A session is already open\n"); |
| 274 | return -EBUSY; |
| 275 | } |
| 276 | |
| 277 | ta = find_ta_entry(arg->uuid); |
| 278 | if (!ta) { |
| 279 | printf("Cannot find TA\n"); |
| 280 | arg->ret = TEE_ERROR_ITEM_NOT_FOUND; |
| 281 | arg->ret_origin = TEE_ORIGIN_TEE; |
| 282 | |
| 283 | return 0; |
| 284 | } |
| 285 | |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 286 | arg->ret = ta->open_session(dev, num_params, params); |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 287 | arg->ret_origin = TEE_ORIGIN_TRUSTED_APP; |
| 288 | |
| 289 | if (!arg->ret) { |
| 290 | state->ta = (void *)ta; |
| 291 | state->session = 1; |
| 292 | arg->session = state->session; |
| 293 | } else { |
| 294 | printf("Cannot open session, TA returns error\n"); |
| 295 | } |
| 296 | |
| 297 | return 0; |
| 298 | } |
| 299 | |
| 300 | static int sandbox_tee_invoke_func(struct udevice *dev, |
| 301 | struct tee_invoke_arg *arg, |
| 302 | uint num_params, struct tee_param *params) |
| 303 | { |
| 304 | struct sandbox_tee_state *state = dev_get_priv(dev); |
| 305 | struct ta_entry *ta = state->ta; |
| 306 | |
| 307 | if (!arg->session) { |
| 308 | printf("Missing session\n"); |
| 309 | return -EINVAL; |
| 310 | } |
| 311 | |
| 312 | if (!ta) { |
| 313 | printf("TA session not available\n"); |
| 314 | return -EINVAL; |
| 315 | } |
| 316 | |
| 317 | if (arg->session != state->session) { |
| 318 | printf("Session mismatch\n"); |
| 319 | return -EINVAL; |
| 320 | } |
| 321 | |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 322 | arg->ret = ta->invoke_func(dev, arg->func, num_params, params); |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 323 | arg->ret_origin = TEE_ORIGIN_TRUSTED_APP; |
| 324 | |
| 325 | return 0; |
| 326 | } |
| 327 | |
| 328 | static int sandbox_tee_shm_register(struct udevice *dev, struct tee_shm *shm) |
| 329 | { |
| 330 | struct sandbox_tee_state *state = dev_get_priv(dev); |
| 331 | |
| 332 | state->num_shms++; |
| 333 | |
| 334 | return 0; |
| 335 | } |
| 336 | |
| 337 | static int sandbox_tee_shm_unregister(struct udevice *dev, struct tee_shm *shm) |
| 338 | { |
| 339 | struct sandbox_tee_state *state = dev_get_priv(dev); |
| 340 | |
| 341 | state->num_shms--; |
| 342 | |
| 343 | return 0; |
| 344 | } |
| 345 | |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 346 | static int sandbox_tee_remove(struct udevice *dev) |
| 347 | { |
| 348 | struct sandbox_tee_state *state = dev_get_priv(dev); |
| 349 | |
| 350 | hdestroy_r(&state->pstorage_htab); |
| 351 | |
| 352 | return 0; |
| 353 | } |
| 354 | |
| 355 | static int sandbox_tee_probe(struct udevice *dev) |
| 356 | { |
| 357 | struct sandbox_tee_state *state = dev_get_priv(dev); |
| 358 | /* |
| 359 | * With this hastable we emulate persistent storage, |
| 360 | * which should contain persistent values |
| 361 | * between different sessions/command invocations. |
| 362 | */ |
| 363 | if (!hcreate_r(pstorage_max, &state->pstorage_htab)) |
| 364 | return TEE_ERROR_OUT_OF_MEMORY; |
| 365 | |
| 366 | return 0; |
| 367 | } |
| 368 | |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 369 | static const struct tee_driver_ops sandbox_tee_ops = { |
| 370 | .get_version = sandbox_tee_get_version, |
| 371 | .open_session = sandbox_tee_open_session, |
| 372 | .close_session = sandbox_tee_close_session, |
| 373 | .invoke_func = sandbox_tee_invoke_func, |
| 374 | .shm_register = sandbox_tee_shm_register, |
| 375 | .shm_unregister = sandbox_tee_shm_unregister, |
| 376 | }; |
| 377 | |
| 378 | static const struct udevice_id sandbox_tee_match[] = { |
| 379 | { .compatible = "sandbox,tee" }, |
| 380 | {}, |
| 381 | }; |
| 382 | |
| 383 | U_BOOT_DRIVER(sandbox_tee) = { |
| 384 | .name = "sandbox_tee", |
| 385 | .id = UCLASS_TEE, |
| 386 | .of_match = sandbox_tee_match, |
| 387 | .ops = &sandbox_tee_ops, |
| 388 | .priv_auto_alloc_size = sizeof(struct sandbox_tee_state), |
Igor Opaniuk | fc1fe01 | 2019-04-09 15:38:14 +0200 | [diff] [blame] | 389 | .probe = sandbox_tee_probe, |
| 390 | .remove = sandbox_tee_remove, |
Jens Wiklander | eadf26f | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 391 | }; |